CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1663 – chromium-browser: use-after-free in blink's v8 bindings
https://notcve.org/view.php?id=CVE-2016-1663
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. La función SerializedScriptValue::transferArrayBuffers en WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp en los enlaces V8 en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.94, no maneja correctamente determinadas estructuras de datos array-buffer, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) o posiblemente tener otro impacto no especificado a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0707.html http://www.debian.org/security/2016/dsa-3564 http://www.securityfocus.co •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1660 – chromium-browser: out-of-bounds write in blink
https://notcve.org/view.php?id=CVE-2016-1660
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site. Blink, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.94, no maneja correctamente las aserciones en las clases WTF::BitArray y WTF::double_conversion::Vector, lo que permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) o posiblemente tener otro impacto no especificado a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0707.html http://www.debian.org/security/2016/dsa-3564 http://www.securityfocus.co • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1664 – chromium-browser: address bar spoofing
https://notcve.org/view.php?id=CVE-2016-1664
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site. La función HistoryController::UpdateForCommit en content/renderer/history_controller.cc en Google Chrome en versiones anteriores a 50.0.2661.94 no maneja correctamente la interacción entre las navegaciones hacia delante del submarco y otras navegaciones hacia delante, lo que permite a atacantes remotos lo que permite a atacantes remotos suplantar la barra de dirección a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0707.html http://www.debian.org/security/2016/dsa-3564 http://www.securityfocus.co • CWE-254: 7PK - Security Features •
CVSS: 8.3EPSS: 0%CPEs: 6EXPL: 0CVE-2016-1661 – chromium-browser: memory corruption in cross-process frames
https://notcve.org/view.php?id=CVE-2016-1661
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp. Blink, tal como se utiliza en Google Chrome en versiones anteriores a 50.0.2661.94, no asegura que los marcos satisfagan una comprobación para el mismo proceso de renderización en adición a una comprobación de la Same Origin Policy, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) o posiblemente tener otro impacto no especificado a través de sitio web manipulado, relacionado con BindingSecurity.cpp y DOMWindow.cpp. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_28.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html http://rhn.redhat.com/errata/RHSA-2016-0707.html http://www.debian.org/security/2016/dsa-3564 http://www.securityfocus.co • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1656 – chromium-browser: android downloaded file path restriction bypass
https://notcve.org/view.php?id=CVE-2016-1656
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. La implementación de download en Google Chrome en versiones anteriores a 50.0.2661.75 en Android permite a atacantes remotos eludir las restricciones de nombre de ruta previstas a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2016-0638.html https://crbug.com/570750 https://security.gentoo.org/glsa/201605-02 http • CWE-284: Improper Access Control •